Data loading process

ABSTRACT

Updating method for coupling a supplementary automation system (AGS) to an overall automation system (AGS) having a basic system and transferring the contents of the main memory area (BAS) of the basic system (BAS) by section-by-section readout and writing to the main memory area (ZAS) of the supplementary system (ZAS), with the same data being written to a buffer memory area both when data is read section-by-section from the main memory area of the basic system and when data is written from and to the main memory area of the basic automation system and being transferred from the buffer memory area to the main memory of the supplementary system.

FIELD OF THE INVENTION

The present invention concerns an updating method for coupling asupplementary automation system to an overall automation system whichhas a basic automation system and controls an industrial process withoutinterruption. Each automation system has access to its own main storagearea and can exchange information with the others and with theindustrial operation via communication means.

BACKGROUND INFORMATION

Conventional redundant automation systems are widely used. In mostcases, the automation systems are designed with single or doubleredundancy, i.e., two to three automation system are used to control oneand the same industrial operation or industrial plant. With such aconfiguration, one of the automation systems, hereinafter referred to asthe supplementary automation system, may fail, and then the industrialplant is controlled by the remaining automation system(s), the basicautomation system or the remaining automation systems.

Updating in coupling a supplementary automation system to an overallautomation system formed by at least one automation system is thusnecessary, for example, when one of the automation systems has been shutdown temporarily due to maintenance work and then started up again afterconclusion of the maintenance work. When the automation system that hasbeen shut down temporarily is coupled, it is relevant in particular thatthe supplementary automation system to be coupled receives the datainventory of the basic automation system. This procedure is known asupdating.

Thus, an object of the updating method is to transfer the contents ofthe main memory area of a basic automation system to a supplementaryautomation system. European Patent No. 636 956 describes an updatingmethod where data configurations of non-time-critical states and therespective periods of time during which responses to changes in state ofthe industrial operation are non-time-critical are preset in the basicautomation system. Updating is triggered when the duration of thenon-time-critical state exceeds the duration required for updating.

If there is insufficient non-time-critical state, updating is performedaccording to the method described in European Patent No. 636 956 withintime slices inserted cyclically into the program processing. The actualupdating takes place by reading out of the main memory area of the basicautomation system section by section and writing to the main memory areaof the supplementary automation system.

Reading out data section by section is also time consuming. Specificallyfor the case when a time-critical operation is controlled by the basicautomation system whose data must be read out, it should be taken intoaccount that the basic controlling automation system cannot monitor theoperation during readout and thus may not be able to react promptly tochanges in state of the operation. Often, even such a short-term“monitoring gap” is intolerable in controlling the industrial operation.

SUMMARY OF THE INVENTION

An object of the present invention is to provide an updating method forcoupling a supplementary automation system to an overall automationsystem which has a basic automation system and controls an industrialoperation without interruption, with the method being executable withoutany negative effect on the control of the industrial operation.

Due to the given boundary conditions in the industrial operation to becontrolled, it is impossible to transfer the contents of the main memoryarea of the basic automation system in one step to the supplementaryautomation system to be coupled. Therefore, the updating is divided intotwo runs.

In a first run, the contents of the main memory area of the basicautomation system are transferred by successive readout from the mainmemory area of the basic automation system and input into the mainmemory area of the supplementary automation system. The volume of dataread out or written in one step is determined by the length of timerequired for this procedure and the maximum tolerable latency phase ofthe basic automation system with respect to the industrial operation tobe controlled.

If, in section by section readout of data from the main memory area ofthe basic automation system, the same data is written in a bufferstorage area, then the basic automation system can resume control of thetechnical operation again to advantage while data is being transferredfrom the buffer storage area to the supplementary automation system. Thetime during which the basic automation system cannot monitor theindustrial operation is thus shortened by using the buffer storage area.

The more powerful the communication means over which data is transferredfrom the main storage area of the basic automation system into thebuffer storage area, the shorter the period of time during which thebasic automation system cannot monitor the industrial operation.

A similarly positive effect is achieved by using powerful memory,optimized for the given application—e.g., a static RAM, or static RAM asa dual-port RAM—for the buffer memory area.

After a certain number of reading and writing operations as describedabove, the “basic data inventory” of the basic automation system hasbeen successfully transferred to the supplementary automation system.During this period of time, however, data in the main memory area of thebasic automation system is subjected to continuous changes due to theuninterrupted control of the industrial operation, because counts andtimer values, for example, as well as output signals also change. Beforethe updating can be regarded as concluded, the identity of the data mustbe guaranteed.

The changes occurring meanwhile in the basic automation system must betransferred in at least one additional subsequent updating run.

To do so, in writing new and/or revised data into the main memory areaof the basic automation system, the same data is also written to thebuffer memory area together with position information. The contents ofthe buffer memory area are transferred to the supplementary automationsystem, and the data transferred is written to the main memory area ofthe supplementary automation system with analysis of the positioninformation.

The position information includes information on the position of therevised data in the main memory area of the basic automation system andalso at least information about the data volume. This positioninformation is then analyzed in entering in the main memory area of thesupplementary automation system so that data transferred will occupy thesame position in the main memory area of the supplementary automationsystem as did the original data in the main memory area of the basicautomation system.

This position information is absolutely necessary only in transmittingnew and/or revised values during the minimum of one additional updatingrun. In section-by-section readout of data from the main memory area ofthe basic automation system and in writing this data to the buffermemory area, the position information is not necessary under thecondition that it is stipulated that the readout data will always occupythe same area in the buffer memory area, and the area of the buffermemory area thus occupied is transferred to the supplementary automationsystem before being overwritten in renewed section-by-section readout ofdata from the main memory area of the basic automation system. In such aprocedure, position information is present more or less implicitly. Theupdating method logs the number of sections read out of the main memoryarea of the basic automation system and writes the next section on thebasis of this information. In addition, the supplementary automationsystem logs the number of sections already written when data is enteredinto this system, so that it is always the next section that is updated.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 shows an exemplary embodiment of an automation system accordingto the present invention.

DETAILED DESCRIPTION OF THE INVENTION

According to FIG. 1, an industrial operation TP indicated onlyschematically—is controlled by an overall automation system AGS. Overallautomation system AGS has at least one basic automation system BAS andat least one supplementary automation system ZAS. Basic automationsystem BAS is referred to below simply as basic system BAS, andsupplementary automation system ZAS is referred to as supplementarysystem ZAS.

To control industrial operation TP, automation systems BAS, ZAS have aprocessor P which runs a program stored in main memory area HSB tocontrol industrial operation TP. In addition, at least process datarepresenting the present status of the industrial operation controlledare stored in main memory area HSB. Furthermore, automation systems BAS,ZAS have communication means KM for communicating with the industrialoperation TP and for communication with other automation systems BAS,ZAS of overall automation system AGS. Basic system BAS and supplementarysystem ZAS are essentially identical in design.

It is assumed in the present case that basic system BAS controlsindustrial operation TP exclusively and that supplementary system ZAS isto be coupled to basic system BAS to directly assume control ofindustrial operation TP in the event of failure of basic system BAS. Todo so, not only must the program in main memory area HSB of basic systemBAS be identical to the program in main memory area HSB of supplementarysystem ZAS, but also the process information stored in main memory areasHSB of automation systems BAS, ZAS must be the same.

Of course, supplementary system ZAS must be neither executing theprogram nor perform writing access to peripherals during the updating.However, joint execution of reading access to peripherals is actuallyadvantageous in that it implicitly updates supplementary system ZAS.

The contents of main memory area HSB of basic system BAS are transferredto supplementary system ZAS by reading out the contents and writing themsection by section to main memory area HSB of supplementary system ZAS.In section-by-section readout of data from main memory area HSB of basicsystem BAS, the same data is written to a buffer memory area ZSB. Whenwriting data, in particular when writing new and/or revised data to mainmemory area HSB of basic system BAS, the same data is also written tobuffer memory area ZSB together with position information. The contentsof buffer memory area ZSB are transferred to supplementary system ZAS.The transfer takes place either by active reading of supplementarysystem ZAS or by active writing initiated by instance BAS, ZAScontrolling buffer memory area ZSB, with data transferred from buffermemory area ZSB to supplementary system ZAS being written to main memoryare HSB of supplementary system ZAS. For the case when data transferredfrom buffer memory area ZSB to supplementary system ZAS, the data isallocated with position information; this data is analyzed for writingto main memory area HSB of supplementary system ZAS.

In an advantageous embodiment of the updating method, positioninformation is also assigned to data written to buffer memory area ZSBin section-by-section readout from main memory area HSB of basic systemBAS. In this way, transfer of data from main memory area HSB of basicsystem BAS to buffer memory area ZSB is completely uncoupled fromtransfer of data from buffer memory area ZSB to main memory area HSB ofsupplementary system ZAS.

In transferring data from main memory area HSB of basic system BAS tobuffer memory area ZSB, data is written to buffer memory area ZSB atpredetermined times. In this way it is possible for data to be writtenat times which are especially suitable for transferring data, so thatmonitoring of industrial operation TP to be controlled is impaired aslittle as possible. These times which are especially suitable may be,for example, equidistant times or times based on a particular state—arange/section marked explicitly as interruptible, the absence ofcritical operations within a certain range/section, etc.—of the programexecuted to control industrial operation TP.

Updating takes place especially quickly and reliably if the dataadditionally written to buffer memory area ZSB in entering data intomain memory area HSB is transferred immediately to supplementary systemZAS. Even with this immediate transfer, the separation of the transferoperations from main memory area HSB of basic system BAS to buffermemory area ZSB and from buffer memory area ZSB to main memory area HSBof supplementary system ZAS is maintained.

Because of the uninterrupted control of industrial operation TP by basicsystem BAS, the data inventory of basic system BAS is undergoingconstant changes. These changes may also occur in areas alreadytransferred to supplementary system ZAS by section-by-section readoutand writing to supplementary system ZAS. For this reason, a speciallyadapted updating method must also be used for transferring new and/orrevised data. Therefore, main memory areas HSB of basic andsupplementary systems BAS, ZAS and buffer memory area ZSB are dividedinto segments.

When writing data to main memory area HSB of basic system BAS, thecontents of the segment to which writing access was performed at thetime of writing are read out. The contents of the entire segment arethen written to buffer memory area ZSB together with positioninformation. Just as before, the position information containsinformation on the position in main memory area HSB of basic system BASand also at least information about the data volume, i.e., in this caseinformation about the size of the segment.

The contents of the entire segment are transferred from buffer memoryarea ZSB to supplementary system ZAS and written to main memory area HSBof supplementary system ZAS with analysis of the position information.In this way, the changes occurring during the section-by-sectionupdating can be rapidly and reliably transferred to supplementary systemZAS. For the case when new and/or revised data is obtained in one andthe same segment of main memory area HSB of basic system BAS, all therevised data of this segment can be transferred to buffer memory areaZSB in a single transfer operation. This ensures that each revised byteof information is not transferred individually, but instead a completedata structure which is located entirely in this segment can betransferred.

To be able to monitor the changes occurring during updating in mainmemory area HSB of basic system BAS, status information is assigned toeach segment of the main memory area at least of basic system BAS. Atthe start of the updating method, all status information is set at avalue indicating that the data of the respective system has not yet beentransferred to supplementary system ZAS. As soon as the data of onesegment has been transferred to supplementary system ZAS, the statusinformation of the respective segment is set at a value indicating thatthe data of the respective segment has been transferred to supplementarysystem ZAS. If new and/or revised data is written to a segment, thestatus information of the respective segment is set at a valueindicating that the data of the respective segment has not yet beentransferred to supplementary system ZAS. The status information isanalyzed so that the only data transferred to supplementary system ZASis data of segments whose status information indicates that data of therespective segment has not yet been transferred to supplementary systemZAS. It is thus possible to transfer the changes selectively in the caseof new and/or revised data in main memory area HSB of basic system BAS.

In a first updating run, data of all segments of main memory area HSB ofbasic system BAS is first transferred to supplementary system ZAS in acertain sequence. Then in at least one additional updating run, onlydata of segments of main memory area HSB of basic system BAS whosestatus information indicates that data of the respective segment has notyet been transferred to supplementary system ZAS is transferred tosupplementary system ZAS.

To control industrial operation TP, basic system BAS executes a controlprogram stored in main memory area HSB. As is generally conventional incontrolling industrial operations TP, this program is subdivided intoindividual functions or tasks, each of which is assigned a certainpriority. Tasks with which important and/or time-critical functions aremonitored have a high priority, while other tasks whose execution is ofsubordinate importance for controlling industrial operation TP, such asdisplaying the time of day, have a low priority. If the execution ofcertain tasks is deferred temporarily, the time previously needed toexecute these tasks is then available for other tasks, such as updating.

Thus, in an advantageous embodiment, the updating method can be executedespecially rapidly and efficiently if tasks with a priority below afirst priority limit are deferred after the first updating run and iftasks with any priority are executed again after conclusion of theupdating method. After the first updating run, the basic data inventoryof basic system BAS is transferred to supplementary system ZAS usingsection-by-section readout from the main memory area of basic system BASand writing to main memory area HSB of supplementary system ZAS.

Following execution of the updating method, thus only the changesoccurring during this first updating run are to be transferred. If taskswith a priority below a first priority limit are now deferred, the timewhich was previously required to execute the tasks with a priority belowthe first priority limit is now also available for transferring changes.

Therefore, a great many revised segments can be transferred in a singleadditional updating run. Updating is always completed very rapidly whenthe number of segments transferred in each individual updating run issmaller than the number of newly added, revised segments. To be able toguarantee this reliably, the priority limit may be preselectable, sothat even the final user, for example, can define the first prioritylimit.

The updating method is completed even more rapidly if tasks with apriority below a next-higher priority limit are deferred after eachadditional updating run and/or after a fixed number of additionalupdating runs. Thus, in additional updating runs, the time available forupdating increases, so that an increasing number of segments can betransferred. Finally, due to the continued deferment of tasks, there isless and less new and/or revised data in main memory area HSB of basicsystem BAS, so that not only does the number of segments transferredincrease, but also the number of segments to be transferred due to thechanges that have occurred in the meantime decreases.

Updating is considered as executed when both the first updating run,when data of all segments of main memory area HSB of basic system BAS istransferred to supplementary system ZAS in a certain sequence, and theminimum or one additional updating run, when the only data transferredto supplementary system ZAS is data of segments of main memory area HSBof basic system BAS whose status information indicates that data of therespective segment is yet to be transferred to supplementary system ZAS,are completed.

The minimum of one additional updating run is in turn completed when allstatus information of the segments of main memory area HSB of basicsystem BAS indicates that the data of the respective segment has alreadybeen transferred to supplementary system ZAS.

If updating is considered as executed, a test quantity may be determinedadditionally in some cases—to increase reliability—in both automationsystems BAS, ZAS on the basis of the data already updated or yet to beupdated. The test quantity may be, for example, a test sum or asignature. The test quantities determined are exchanged and comparedover communication means KM. If the test quantities are identical, theupdating is considered as concluded without error; otherwise all or partof the updating method is repeated. To permit partial repetition ofupdating in the case of error, the test quantity may be constructed sothat a suitable interpretation makes it possible to determine for whichdata the updating method is to be repeated in part.

This updating can be implemented by an overall automation system AGSwhich has a buffer memory area ZSB and executes the updating methoddescribed here. In an advantageous embodiment—in deviation from thediagram in FIG. 1—one of automation systems BAS, ZAS of such an overallautomation system AGS has buffer memory area ZSB. Automation system BAS,ZAS may be either basic automation system BAS or supplementaryautomation system ZAS.

What is claimed is:
 1. An updating method for coupling a supplementaryautomation system to an overall automation system, the supplementaryautomation system including a first memory, comprising: controlling bythe overall automation system and without interruption, an industrialoperation, the overall automation system including a basic automationsystem, the basic automation system including a second memory;continuously modifying contents of the second memory as a function ofthe uninterrupted control of the industrial operation; reading firstdata section-by-section from the second memory; when the first data isread from the second memory, writing the first data to a buffer memory;writing second data to the second memory; when the second data iswritten to the second memory, writing the second data and positioninformation to the buffer memory, and transferring contents of thesecond memory to the supplementary automation system via a communicationarrangement, wherein the first memory and the second memory are dividedinto segments, wherein the writing second data to the second memoryincludes writing the second data to a first segment of the second memorysegments, and wherein the transferring includes transferring entirecontents of the first segment of the second memory to the supplementaryautomation system, and wherein the transferred entire contents of thefirst segment of the second memory is written to the first memory. 2.The updating method according to claim 1, further comprising the stepsof: assigning respective status information to each respective segmentof the second memory segments; at a start of the updating method,setting each respective status information to a value indicating thatdata of the respective segment has not yet been transferred to thesupplementary automation system; for each respective segment, when dataof the respective segment is transferred to the supplementary automationsystem, setting the respective status information to a value indicatingthat the data of the respective segment has been transferred to thesupplementary automation system; for each respective segment, when dataof the respective segment is one of new and revised, setting therespective status information to a value indicating that the data of therespective segment is yet to be transferred to the supplementaryautomation system; and transferring data from at least one respectivesegment to the supplementary automation system only if the respectivestatus information of the at least one respective status is of the valueindicating that the data of the respective segment is yet to betransferred.
 3. The updating method according to claim 2, furthercomprising the steps of: in a first updating run, transferring data ofall segments of the second memory to the supplementary automation systemin a predetermined sequence; and in at least one additional updatingrun, transferring data from at least one respective segment of thesecond memory to the supplementary automation system only if therespective status information of the at least one respective segment isof the value indicating that the data of the respective segment is yetto be transferred.
 4. The updating method according to claim 3, furthercomprising the steps of: executing tasks by the basic automation systemto control the industrial operation, each of the tasks having apredetermined priority; after the first updating run, deferring thetasks having a priority below a first priority limit; and afterconclusion of the updating method, executing the tasks having anypriority.
 5. The updating method according to claim 3, wherein aftereach of the at least one additional updating run, deferring the taskshaving the priority below a next higher priority limit.
 6. An updatingmethod for coupling a supplementary automation system to an overallautomation system, the supplementary automation system including a firstmemory, comprising: controlling by the overall automation system andwithout interruption, an industrial operation, the overall automationsystem including a basic automation system, the basic automation systemincluding a second memory; continuously modifying contents of the secondmemory as a function of the uninterrupted control of the industrialoperation; reading first data section-by-section from the second memory;when the first data is read from the second memory, writing the firstdata to a buffer memory; writing second data to the second memory; whenthe second data is written to the second memory, writing the second dataand position information to the buffer memory, and transferring contentsof the second memory to the supplementary automation system via acommunication arrangement, wherein the first memory and the secondmemory are divided into segments, wherein the writing second data to thesecond memory includes writing the second data to a first segment of thesecond memory segments, wherein the transferring includes transferringentire contents of the first segment of the second memory to thesupplementary automation system, and wherein the transferred entirecontents of the first segment of the second memory is written to thefirst memory with analysis of the position information.
 7. An overallautomation system for uninterrupted control of an industrial operation,comprising: a buffer memory; a basic automation system including a firstmemory storing at least one of first data and first machine commands,the first memory being continuously updated as a function of theuninterrupted control of the industrial operation, wherein when the atleast one of the first data and the first machine commands is readsection-by-section from the first memory, the at least one of the firstdata and the first machine commands is written to the buffer memory, andwhen the at least one of the first data and first machine commands iswritten to the first memory, the at least one of the first data andfirst machine commands is written to the buffer memory; a supplementaryautomation system including a second memory storing at least one ofsecond data and second machine commands, contents of at least one of thefirst memory and the buffer being transferred to the second memory bysection-by-section readout and writing, wherein contents of the bufferare optionally written to the second memory with analysis of positioninformation; a processor executing at least one of the first machinecommands and the second machine commands and controlling the industrialoperation; a first communication arrangement for providing communicationto the industrial operating; a second communication arrangement forproviding communication to the basic automation system and thesupplementary automation system; and a bus coupling the firstcommunication arrangement, the second communication arrangement, theprocessor, the first memory, and the second memory, wherein the firstmemory, the second memory, and the buffer are divided into segments,wherein the at least one of the first data and the first machinecommands is written to a selected segment of the first memory segments,contents of the entire selected segment being written to the buffermemory with the position information, the transferred contents of theentire selected segment being written to the second memory from thebuffer memory with analysis of the position information.
 8. The overallautomation system according to claim 7, wherein each of the segments ofthe first memory and the second memory is assigned status information.